Information Security Lectures

Chapter 1
Concept of Security
2/2/2023 Vivek Kapoor 1

Concepts of Security
What are we trying to protect ?
Why is there need for security

Mechanisms
• Provide user id and password.

• Encode the information

Security Approaches
• No security.
• Security through obscurity.
• Host Security.
• Network Security.

Management Policies
• Affordability.
• Functionality.
• Cultural issues.
• Legality.

Points to be insured
• Explanation of policies to all.
• Outline responsibilities.
• Simple language.
• Accountability.
• Exception and periodic reviews.

Principles of Security
• Confidentiality.(Interception)
• Integrity.(Modification)
• Authentication.(Fabrication)
• Non Repudiation.(Denial of claim)
• Access control.
• Availability.(Interruption)

Types of Attacks
• Passive (Release of message contents).

• Active.
Active
Interruption Fabrication
Modification
(Masquerade) (Denial of Service)
Replay Attacks Alterations

Practical side of attacks
• Application level attacks.

• Network level attacks.

Security Attacks at various level
• Virus
Add x to y
Add x to y
Perform print job
Perform print job
Perform virus job Delete all files
Perform close job
Perform close job Return
End
End

Security Attacks at various level
• Worms.
• Trojan Horse.
• Applets and activeX controls.
• Cookies

Specific Attacks
• Packet Sniffing.
• Packet Spoofing.
• DNS Spoofing.

Outline of our course
• Classical and fundamental cryptographic
techniques.
• Symmetric key cryptography (Stream & Block
cipher, Various modes, DES, IDEA, RC5,
Blowfish)
• Asymmetric key cryptography (RSA, Knapsack,
Elliptical curve cryptography, El Gamal)
• Digital Signatures (Message Digests, MD5,
Secure Hash Algorithm (SHA), MAC, HMAC)
• Public Key Infrastructure.
• Internet security protocols.

Thank You.
**************************************************

Chapter 2
Data Security

Cryptography
• Hiding Information.
• Cryptography referred almost exclusively
to encryption, the process of converting
ordinary information (plaintext) into
unintelligible gibberish (i.e., ciphertext).
• Decryption is the reverse, moving from
unintelligible ciphertext to plaintext

Key words
• Plain Text.
• Cipher text.
• Algorithm.
• Encryption.
• Decryption.
• Key.
• Brute force attack. (brute force attack is a
method of defeating a cryptographic scheme by
trying a large or all possible number of
possibilities)
• Cryptanalyst. (code breaking or cracking the
code)
Classical Cryptographic Techniques
• Substitution Techniques. (Characters of

plain text are replaced by another
characters)
• Transposition Techniques. (Perform
permutation over plain text characters)
• Product Cipher (Both Approaches).

Substitution Techniques
• Caeser Cipher.
• Modified version of Ceaser cipher.
• Monoalphabetic cipher.
• Homophonic cipher.
• Polygram substitution cipher.
• Polyalphabatic substitution cipher.

Caeser Cipher
• Caesar cipher using a left rotation of three
places (the shift parameter, here 3, is used as
the key)
• Plain: ABCDEFGHIJKLMNOPQRSTUVWXYZ
Cipher: DEFGHIJKLMNOPQRSTUVWXYZABC
• The encryption can also be represented using
modular arithmetic by first transforming the
letters into numbers, according to the scheme, A
= 0, B = 1,..., Z = 25.Encryption of a letter x by a
shift n can be described mathematically as,
E_n(x) = (x + n) \mod {26}.
• Decryption is performed similarly
D_n(x) = (x - n) \mod {26}
Modified version of Ceaser cipher.
• As English language has 26 alphabets hence

key could from 1 to 26 i.e 25 possibilities of
replacement.
• The first reason why this strategy fail is that
there are only very few keys
• One way to defeat this strategy is to vastly
increase the number of available keys.
• The second reason why the exhaustive
strategy works is that English is highly
recognizable.
Monoalphabetic cipher
• Instead of using a shifted alphabet, allow the use
of any shuffle of the alphabet.
• For encryption, look up letter in top line, write
down equivalent from bottom line.
• ABCDEFGHIJKLMNOPQRSTUVWXYZ
• UFKCOQRGMYTHZEJBILDVPSWANX
• For decryption, look up letter in bottom line, write
down equivalent from top line.
• XPDSNBHLQOCRIYEUFGVKATWZJM
• ABCDEFGHIJKLMNOPQRSTUVWXYZ
• The only difference is that the encryption key
has the columns sorted in order of their plaintext
letter, but the decryption key has them in order
of their cryptotext letter.
• A general monoalphabetic cipher clearly
has a large number of possible keys.
• Exactly how many possibilities are there?
• We could put any of 26 letters in first
position
• Any of 25 remaining letters in position
two.And so on . . .
• There are 26×25×· · ·×1 = 403, 291, 461,
126, 605, 635, 584, 000, 000 possibilities

• It would take trillions of years to blindly

explore all these possibilities.
• Yet breaking a monoalphabetic cipher is
childs play.
• How can this be?
• Obviously, the answer does not involve
blind search.

• As we know that some alphabets in
English language occur more frequently
than others.
• Language analyst will found probability of
occurrence each letter in the text.

Homophonic substitution
• Plaintext letters map to more than one

ciphertext symbol.
• Frequency distribution is flattened, making
analysis more difficult.
• A = DBHK
• B = KLPS etc……..

Polygram substitution cipher
• Here blocks of plain text alphabets are

replaced by block of cipher text alphabets.
HELLO = YUQQW
HELL = TEUI

Polyalphabetic substitution
• Multiple one character keys.

• Each key encrypt one plain text character.
• 1st key encrypts 1st plain text 2nd key
encrypts 2nd plain text and so on…..
• After all the keys are used they are
recycled.
• Hence number of keys used are called the
period of cipher.
Transposition Techniques
• Rail Fence Technique.

• Simple Columnar Transposition Technique.
• Simple Columnar Transposition Technique
with multiple rounds.
• Vernam Cipher (one – Time Pad).
• Book Cipher/Running Key Cipher.
• Playfair Cipher.
• Hill Cipher.

Rail Fence cipher
• Writing plain text as a sequence of diagonals
and then reading it row by row to produce cipher
text.
• For example, using three "rails" and a message
of 'WE ARE DISCOVERED. FLEE AT ONCE', the
cipherer writes out:
W . . . E . . . .C . . . . R . . . .L . . . . T . . . . . E .
.E . R . D . S . O . E . E . F . E . A . O . C . .
. A . . . I . . . . .V . . . . D . . . E . . . . N . .
Cipher text:
WECRL TEERD SOEEF EAOCA IVDEN
Simple Columnar Transposition
Technique
• The message is written out in rows of a fixed
length, and then read out again column by
column.
• Columns are chosen in some scrambled order.
• Message WE ARE DISCOVERED. FLEE AT ONCE. In
a regular columnar transposition, we write this into
the grid as:
• 6 3 24 1 5
• W E AR E D
• I S COV E
• RE D F L E
• EA TO N C
•2/2/2023
EQ KJ E U Vivek Kapoor 32
Technique
• For example, the word ZEBRAS is of
length 6 (so the rows are of length 6), and
the permutation is defined by the
alphabetical order of the letters in the
keyword. In this case, the order would be
"6 3 2 4 1 5".
• Providing five nulls (QKJEU) at the end.
The cipher text is then read off as:EVLNE
ACDTK ESEAQ ROFOJ DEECU WIREE .

Technique with multiple rounds
• Basic procedure is to use simple columnar
transposition technique , but do it more
than once.
• Simple columnar transposition technique
with multiple rounds is much more
complex.

Vernam Cipher (one – Time Pad).
• It is implemented using a random set of

non-repeating characters as the input
cipher text.
• Length of input cipher text is equal to the
length of the original plain text and it is
used only one time.
• It is used short messages.

Vernam Cipher (one – Time Pad)
• Message: HOW ARE YOU
• Cipher text message is: UQXTUYFR
Plain Text H O W A R E Y O U
7 14 22 0 17 4 24 14 20
One Time pad N C B T Z Q A R X
13 2 1 19 25 16 0 17 23
Total 20 16 23 19 42 20 24 31 43
Subtract 26, 20 16 23 19 16 20 24 5 17
if >25
Cipher text U Q X T Q U Y F R

Playfair Cipher
• The Playfair cipher uses a 5 by 5 table
containing a key word or phrase.
• To generate the key table, one would first fill in
the spaces in the table with the letters of the
keyword (dropping duplicate letters), then fill the
remaining spaces with the rest of the letters of
the alphabet in order (put both "I" and "J" in the
same space).
• The key can be written in the top rows of the
table, from left to right.
• To encrypt a message, one would break the
message into digraphs (groups of 2 letters).
Playfair Cipher
• To encrypt a message, one would break the message
into digraphs (groups of 2 letters).
• Then apply the following 4 rules, in order, to each pair of
letters in the plaintext:
1. If both letters are the same (or only one letter is left), add
an "X" after the first letter. Encrypt the new pair and
continue. Some variants of Playfair use "Q" instead of
"X", but any uncommon monograph will do.
2. If the letters appear on the same row of your table,
replace them with the letters to their immediate right
respectively (wrapping around to the left side of the row
if a letter in the original pair was on the right side of the
row).

Playfair Cipher
3. If the letters appear on the same column of your
table, replace them with the letters immediately below
respectively (wrapping around to the top side of the
column if a letter in the original pair was on the bottom
side of the column).
4. If the letters are not on the same row or column,
replace them with the letters on the same row
respectively but at the other pair of corners of the
rectangle defined by the original pair. The order is
important – the first encrypted letter of the pair is the one
that lies on the same row as the first plaintext letter.

Playfair Cipher
• Using "playfair example" as the key, the table becomes
• PL A Y F
• I R E X M
• BC DG H
• J K NO S
• TU V WZ
• Encrypting the message "Hide the gold in the tree
stump":
• HI DE TH EG OL DI NT HE TR EX ES TU MP
• Thus the message "Hide the gold in the tree stump"
becomes "BMNDZBXDKYBEJVDMUIXMMNUVIF".
Advantages
• Identification of individual diagrams is difficult.
• Frequency analysis difficult.
Hill Cipher
• Hill cipher is a polygraphic substitution cipher based on

linear algebra.
• Often the simplest scheme is used: A = 0, B =1, ..., Z=25,
• A block of n letters is then considered as a vector of n
dimensions, and multiplied by a n × n matrix, modulo 26.
• The whole matrix is considered the cipher key, and
should be random.
• p (p1,p2,p3) = Plain text , c(c1,c2,c3) = Cipher text

Example
C1 = 9*p1 + 18*p2 + 10*p3 (mod 26)

C2 = 16*p1 + 21*p2 + 1*p3 (mod 26)
C3 = 5*p1 + 12*p2 + 23*p3 (mod 26)
C1 9 18 10 p1
C2 = 16 21 1 p2 (mod 26)
C3 5 12 23 p3

I can’t do it
 EOM TMY SVJ
8 2 0 13 19 3 14 8 19
4 9 18 10 8
14 = 16 21 1 2 (mod 26)
12 5 12 23 0
19 9 18 10 13
12 = 16 21 1 19 (mod 26)
14 5 12 23 3
18 9 18 10 14
21 = 16 21 1 8 (mod 26)
9 5 12 23 19

Hill – key is matrix
k11 k12 k13
k21 k22 k23
k31 k32 k33
Generalize to any size, larger blocks
Matrix must be invertible

Hill -- bad matrix
bcd  XJR
hfa  XJR
23 9 18 10 1
9 = 16 21 1 2 (mod 26)
17 5 12 22 3
23 9 18 10 7
9 = 16 21 1 5 (mod 26)
17 5 12 22 0

Hill Cipher
• Hill Cipher
• Takes n successive letters. Each letter of the
• English alphabet is assigned a value: a = 0, b = 1, c = 2,
..., y = 24, z = 25
• A set of linear equations is used to define the
encryption using modular arithmetic.
Structure (3 characters at a time):
• – C1 = K1,1 P1 + K1,2 P2 + K1,3 P3 mod 26
• – C2 = K2,1 P1 + K2,2 P2 + K2,3 P3 mod 26
• – C3 = K3,1 P1 + K3,2 P2 + K3,3 P3 mod 26

How to decrypt?
The receiver knows the key, and can solve the system of
equations for unknowns Pi :
• – C1 = K1,1 P1 + K1,2 P2 + K1,3 P3 mod 26
• – C2 = K2,1 P1 + K2,2 P2 + K2,3 P3 mod 26
• – C3 = K3,1 P1 + K3,2 P2 + K3,3 P3 mod 26
This system has solutions iff the matrix K is invertible.
• Let M be its inverse. Then:
• – P1 = M1,1 C1 + M1,2 C2 + M1,3 C3 mod 26
• – P2 = M2,1 C1 + M2,2 C2 + M2,3 C3 mod 26
• – P3 = M3,1 C1 + M3,2 C2 + M3,3 C3 mod 26

Hill Cipher
• C = Ek(P) = KP mod 26
• P = Dk(C) = K-1C mod 26 = K-1KP = P

Symmetric Key Cryptography
• Problem of key distribution/agreement/exchange.

• Large number of keys required for communication
between different parties.
• If no. of parties are n then we required n*(n-1)/2 keys. i.e
for 2 parties key required is 1
for 5 parties key required is 10 and so on…………

Diffie-Hellman key exchange
• It is a cryptographic protocol that allows two parties that

have no prior knowledge of each other to jointly establish
a shared secret key over an insecure communications
channel. This key can then be used to encrypt
subsequent communications using a symmetric key
cipher.
• Synonyms of Diffie-Hellman key exchange include:
• Diffie-Hellman key agreement
• Diffie-Hellman key establishment
• Diffie-Hellman key negotiation
• Exponential key exchange

• Key Exchange

• The simplest, and original, implementation of the
protocol uses the Multiplicative group of integers modulo
p, where p is prime and g is primitive root mod p. Here is
an example of the protocol:
• Alice and Bob agree to use a prime number p=23 and
base g=5.
• Alice chooses a secret integer a=6, then sends Bob (ga
mod p)
– 56 mod 23 = 8.
• Bob chooses a secret integer b=15, then sends Alice (gb
mod p)
– 515 mod 23 = 19.

• Alice computes (gb mod p)a mod p

– 196 mod 23 = 2.
• Bob computes (ga mod p)b mod p
– 815 mod 23 = 2.
Both Alice and Bob have arrived at the same value,
because gab and gba are equal.
• Note that only a, b and gab = gba are kept secret. All the
other values are sent in the clear. Once Alice and Bob
compute the shared secret they can use it as an
encryption key, known only to them, for sending
messages across the same open communications
channel.

• Much larger values of a, b, and p would be needed to
make this example secure, since it is easy to try all the
possible values of gab mod 23 (there will be, at most, 22
such values, even if a and b are large). If p were a prime
of at least 300 digits, and a and b were at least 100 digits
long, then even the best algorithms known today could
not find a given only g, p, and ga mod p, even using all
of mankind's computing power. The problem is known as
the discrete logarithm problem.

The Scenario
Insecure Channel
Alice
Bob
Eve
• Alice
• Knows doesn't know
• p = 23 b = 15
• base g = 5
• a=6
• 56 mod 23 = 8
• 5b mod 23 = 19
• 196 mod 23 = 2
• 8b mod 23 = 2
• 196 mod 23 = 8b mod 23
• s=2
•
• Bob
• knows doesn't know
• p = 23 a=6
• base g = 5
• b = 15
• 515 mod 23 = 19
• 5a mod 23 = 8
• 815 mod 23 = 2
• 19a mod 23 = 2
• 815 mod 23 = 19a mod 23
• s=2
•
• Eve knows doesn't know

• p = 23 a=6
• base g = 5 b = 15
s=2
• 5a mod 23 = 8
• 5b mod 23 = 19
• 19a mod 23 = s
• 8b mod 23 = s
• 19a mod 23 = 8b mod 23=X
• log19a = log8b=X

Man in Middle Attack
• Alice want to communicate with bob securely.

• Alice does not realize that Eve is listening
• For this she sends n=11, g=7 to Bob.
Alice--- n=11,g=7
Bob--- n=11,g=7
Eve--- n=11,g=7
Now Alice , Eve & Bob select some random no. x, y
Alice--- x=3
Eve--- x=8,y=6
Bob--- y=9
• Alice computes
A = gx mod n = 73 mod 11 = 2
Eve Computes
A = gx mod n = 78 mod 11 = 9
B = gy mod n = 76 mod 11 = 4
Bob computes
B = gy mod n = 79 mod 11 = 8
Alice sends A (i.e. 2) to Bob. Eve intercepts it & sends his A
(i.e. 9) to Bob. In return Bob sends B (i.e. 8) to Alice. Eve
intercepts it & sends his B (i.e. 4) to Alice. Both Alice &
Bob does not know that their values has been hijacked.
• At this juncture Alice, Eve & Bob has These values of A &
B
• Alice--- A= 2, B= 4*
• Eve--- A=2, B=8
• Bob--- A=9*, B=8
* indicates that these that these are the values Eve

hijacked them and changed them.

• Based on these values Alice, Eve & Bob calculates the

keys
• Alice computes
K1 = Bx mod n = 43 mod 11 = 9
Eve computes
K1 = Bx mod n = 88 mod 11 = 5
K2 = Ay mod n = 26 mod 11 = 9
Bob computes
K2 = Ay mod n = 99 mod 11 = 5

• Now Eve Has two keys K1=5 (Bob) & K2= 9 (Alice).
• When he receive message from Alice he manipulates
them and forward it to Bob using key K1=5 and vice
versa.

Asymmetric Key operation
• Public-key cryptography, also known as asymmetric
cryptography, is a form of cryptography in which the key
used to encrypt a message differs from the key used to
decrypt it.
• In public key cryptography, a user has a pair of
cryptographic keys—a public key and a private key.
• The private key is kept secret, while the public key may
be widely distributed.
• Incoming messages would have been encrypted with the
recipient's public key and can only be decrypted with his
corresponding private key.
• The keys are related mathematically, but the private key
cannot be practically derived from the public key.
Key range and key size
• A two bit binary no. has four states 00, 01, 10, 11.
• A three bit binary no. has eight states 000, 001, 010,
100, 011, 101, 110, 111.
• As no. of bit increases by one no. the no. of binary states
increases by double.
• Thus as the key size increases the no. of binary states
increases and so is the no. of key range and efforts
required to break the key.

Types of Attacks
• Cipher text Only : The attacker has only the cipher text, which he
may want to decode, or he may want to determine the key that was
used
• Known Plaintext : The attacker has a plaintext and its
corresponding cipher text. The goal of this attack is purely to
determine the key.
• Chosen Plaintext : The attacker gets to choose a plaintext and
can obtain the corresponding cipher text. The goal is to determine
the key. If the attacker has the opportunity to iteratively try different
plaintexts, then he can choose each plain text, based on information
that he received from the previous iteration. This is often referred to
as an Adaptive Chosen Plaintext attack
• Chosen Ciphertext : The attacker chooses a cipher text and can
obtain it's corresponding plaintext. An attacker may also use an
adaptive version of this attack, as with Chosen Plaintext
• Chosen Text : An attacker can choose both the cipher text and
the plaintext, and can get the corresponding texts to both.

Key range and key size

Thank You
**************************************************

Chapter 3
Computer-based Symmetric Key
Cryptographic Algorithms

Introduction
• Popular algorithms that are discussed are:

• DES (Data Encryption Standard),
• IDEA (International Data Encryption Algorithm),
• RC5,
• Blowfish.

Algorithm Types & Modes
• Algorithm Type defines what type of plain text should be
encrypted in each of the algorithm.
• Algorithm mode defines the details of the cryptographic
algorithm, once type is decided.
Algorithm Types
Stream Ciphers Block Ciphers

Stream Ciphers
• Stream cipher is a symmetric key cipher where plaintext
bits are combined with a pseudorandom cipher bit
stream (keystream), typically by an exclusive-or (xor)
operation.
• In a stream cipher the plaintext digits are encrypted one
at a time, and the transformation of successive digits
varies during the encryption.
• An alternative name is a state cipher, as the encryption
of each digit is dependent on the current state. In
practice, the digits are typically single bits or bytes.
• Stream ciphers typically execute at a higher speed and
have lower hardware complexity.
• Stream ciphers can be susceptible to serious security
problems if used incorrectly.
Block Ciphers
• Rather than encrypting one bit at a time, a block of bits is

encrypted at one go 64-bits or more .
Encryption

Confusion & Diffusion
• Confusion means that cipher text has no clue about plain

text. Achieved by means of substitution.
• Diffusion means spreading plain text across rows and
columns. Achieved by means of transposition or called
permutation techniques.

Algorithm Modes
Fig.
Algorithm Modes
Electronic Cipher Block Cipher Feedback Output Feedback

Code Book Chaining (CBC (CFB) (OFB)
(ECB)
These two modes work These two modes work

on block ciphers on block ciphers as
stream ciphers
Electronic Code Book (ECB)
Fig.

Electronic Code Book (ECB)
• The simplest of the encryption modes is the electronic

codebook (ECB) mode.
• The message is divided into blocks and each block is
encrypted separately.
• The disadvantage of this method is that identical
plaintext blocks are encrypted into identical ciphertext
blocks; thus, it does not hide data patterns well.
• In some senses, it doesn't provide serious message
confidentiality, and it is not recommended for use in
cryptographic protocols at all.

Cipher-block chaining (CBC)
• In the cipher-block chaining (CBC) mode, each block of

plaintext is XORed with the previous ciphertext block
before being encrypted.
• This way, each ciphertext block is dependent on all
plaintext blocks processed up to that point.
• Also, to make each message unique, an initialization
vector must be used in the first block.


• If the first block has index 1, the mathematical formula
for CBC encryption is
• while the mathematical formula for CBC decryption is
• CBC has been the most commonly used mode of

operation. Its main drawbacks are that encryption is
sequential (i.e., it cannot be parallelized).
• The propagating cipher-block chaining mode was
designed to cause small changes in the ciphertext to
propagate indefinitely when decrypting, as well as when
encrypting. Encryption and decryption routines are as
follows:

• One-bit change in a plaintext affects all following

ciphertext blocks, and a plaintext can be recovered from
just two adjacent blocks of ciphertext.As a consequence,
decryption can be parallelized.
• A one-bit change to the ciphertext causes complete
corruption of the corresponding block of plaintext, and
inverts the corresponding bit in the following block of
plaintext.

Cipher feedback (CFB)
• The cipher feedback (CFB) mode, a close relative of
CBC, makes a block cipher into a self-synchronizing
stream cipher.

Cipher feedback (CFB)
• Like CBC mode, changes in the plaintext propagate
forever in the ciphertext, and encryption cannot be
parallelized. Also like CBC, decryption can be
parallelized.
• When decrypting, a one-bit change in the ciphertext
affects two plaintext blocks: a one-bit change in the
corresponding plaintext block, and complete corruption
of the following plaintext block. Later plaintext blocks are
decrypted normally.
• This is useful for applications that require low latency
between the arrival of plaintext and the output of the
corresponding ciphertext, such as certain applications of
streaming media.

Output feedback (OFB)
• The output feedback (OFB) mode makes a block cipher

into a synchronous stream cipher: it generates
keystream blocks, which are then XORed with the
plaintext blocks to get the ciphertext.
• Just as with other stream ciphers, flipping a bit in the
ciphertext produces a flipped bit in the plaintext at the
same location.
• This property allows many error correcting codes to
function normally even when applied before encryption.
Encryption Decryption



• Each output feedback block cipher operation depends on

all previous ones, and so cannot be performed in
parallel.
• However, because the plaintext or ciphertext is only used
for the final XOR, the block cipher operations may be
performed in advance, allowing the final step to be
performed in parallel once the plaintext or ciphertext is
available.

Data Encryption Standard (DES)
• It was created by IBM named LUCIFER later adopted by

US govt. & renamed DES.
• It is a block cipher which takes 64 bits plain text as input
& produces 64 bits cipher text as output by using 56 bits
key.

• Basic principles
Key discarding process- Initial key of 64 bits is used &
every 8th bit of key is discarded i.e 8, 16, 24, 32, 40, 48,
56, 64 to produce 56 bit key.

• Fig.

• 1st 64 bit plain text is handed over to initial permutation

function.
• IP is performed over the plain text.
• IP produces two halves of the permuted blocks left plain
text (LPT) & right plain text (RPT).
• Now LPT & RPT goes 16 rounds of encryption process,
each with its own key.
• Now LPT & RPT are rejoined and FINAL
PERMUTATION (FP) is performed on the combined
block.
• The result is 64 bit cipher text.
Fig.

• Initial Permutation

• This means 58th bit in orignal plain text block will

overwrite the contents of 1st bit position during IP.
Similarly 1st bit position will overwrite 40th bit position
and so on…………
• As IP is done 64 bit plain text block is divided into two
blocks of 32 bits named LPT and RPT.

• Step 4 : Each of the 16 rounds consists of following

steps……………

Step 1: Key Transformation
Now from available 56 bit key a 48 bit sub key is
generate using process called key transformation.
For this 56 bit key is divided into two halves. These
halves are circularly shifted left one or two key positions
depending upon the round.

• After an appropriate shift 48 of the 56 bits are selected

such as.. It is known as compression permutation.
• Because of it DES is not easy to crak down.

• Step 2: Expansion Permutation

• After IP we have 32bit LPT and RPT.Now we will convert
32 bits RPT to 48 bits and will per mutate bits also.
• The 32 bit RPT is divided in 8 blocks of 4 bits as shown.

• Now each 4 bit block is expanded to 6 bit block by

adding two more bits as shown.


• Now we have 48 bit key obtained from key

transformation process and 48 bit RPT obtained from
Expansion permutation . They both are XORed with
each other and resulting output is given to next step
which is S-Box Substitution.
• Step 3: S-Box substitution is a process that accets the
48 bit input from the XOR operation involving the
compressed key and expanded RPT and produce a 32
bit output



• There are 8 sand boxes each for one block .

• Logic of sand box………Every sand box has 4 rows and
16 columns. At the intersection of every row and column
a 4 bit number is there.

• Now let us assume that 6 bit input of S-box is indicated

as b1,b2,b3,b4,b5,b6.
• Now bits b1 & b6 are combined to form a two bit number
which will be our row no. and b2,b3,b4,b5 will combine to
for a 4 bit number which will be our column no.
• For example 101101 of block two 1 & 1 will combine to
give decimal equivalent 3 (row no.) whereas 0110 will
combine to give decimal equivalent 6(column no.).
• Intersection of 3rd row and 6th column will give a four bit
no. i.e 4 whose binary equivalent is 0100 which is the out
put.


• Step 4: P-Box permutation

• Output contains 32 bits block. They are permuted using
P-Box.

• Step 5 : XOR and Swap
• We have been performing all these on 32 bit RPT and
LPT is untouched so far.
• Now LPT is XOR with output of P Box permutation and
result becomes new RPT and old RPT becomes new
LPT in this process of swapping.


• Final Permutation : The out put of this is obtained by

using this block. This is the cipher text we get.

• DES decryption : Same algorithm can be used for

decryption.
• The values of the tables and operations are so chosen
that the algorithm is reversible.
• The only difference is reversible of key positions.
• Orignal key is divided into K1,K2,K3………….K16 for the
16 encryption rounds & in decryption key should be
k16,k15,k14………………k1.

• Strength of DES : The inner working of the algorithm is

known to everybody therefore strength lies in the 56 bit
key.
• There is 256 keys which is roughly 2* 1016 keys and it will
required 1000 years to break the key.

• Due to tremendous advances in computer technology

(hardware & software) i.e higher processing speed, high
memory , parallel processing techniques etc……… DES
is susceptible to attacks.
• It would be nice to make this algorithm stronger rather
than making a new one.
• Hence there are two variations of DES DOUBLE DES &
TRIPLE DES.

Double Data Encryption Standard (DES)
• Here we use two keys k1 & k2.

• In Double DES, each 64-bit block of data is encrypted
twice with the DES algorithm, first with one key, then with
another, as follows:
• Encrypt with (key 1) Encrypt with (key 2)
• Plaintext (key1) (key2) cipher text
• Here we use two 56 bit keys hence no. of possible keys
is 2128 Keys.
• But meet in middle attack can be done.

Double Data Encryption Standard (DES)
• The meet-in-the-middle attack is a known plaintext attack

which requires that an attacker have both a known piece
of plaintext and a block of that same text that has been
encrypted. (These pieces are surprisingly easily to get.)
The attack requires storing 256 intermediate results when
trying to crack a message that has been encrypted with
DES (a total of 256 bytes), but it reduces the number of
different keys you need to check from 2112 to 256.
• How it happens……………..

Meet in middle attack
• Cryptanalst knows P plain text & C cipher text.

• The result of first encryption is T = Ek1 (P) [ i.e encrypt
block with key k1
• After this encrypted block is again encrypted with key k2
& we get C = Ek2(Ek1(P))
• Now what cryptanalysis can do. He is armed with P & C.
Step 1: For all possible values 256 of key K1, he will use
large table in memory of computer to perform following
steps:
1. He would encrypt plain text P to get T by performing
encryption using all possible 256 keys and store the result
in table.
Meet in middle attack Table of
• Fig. Cipher
text (T)
Possible Result=T
Keys
Result=T
00 Encrypt
01
10 Result=T
11
Result=T

• Now cryptanalyst will perform reverse operation.

• He will decrypt known cipher text C with all possible
values of k2 and each case compare the result with the
values in the table of cipher text.
• T = EK1(P) = DK2(C)

• Table of Cipher text (T)
Possible Result=T
Keys
Result=T
00
Decrypt
01 Result=T
10
11 Result=T
C
Triple DES
• Fig.

Triple DES with Two Keys
• Encrypt plain text with key1

• Decrypt the output of step 1 with key2.
• Finally encrypt the output of step2 with key1.
• Thus we have Ek1(Dk2(Ek1(P))).

International Data Encryption Algorithm
(IDEA)
• It is a patent algorithm developed in 1990.
• E-mail technology known as pretty good privacy is based
on it.
• Basic Principles : It is a block cipher works on 64 bit
plain text and key is longer i.e 128 bits.
• 64 bit plain text block id broken into four 16 bits block
from P1 to P2. There are eight rounds of the algorithm.
• 128 bit key is used , from it six 16 bits sub key is derived
for each round i.e 48 keys of 16bits .
• The final step is output transformation, which uses 4 sub
keys. Finally we get C1, C2, C3, C4.
International Data Encryption Algorithm (IDEA)

(IDEA)
• Rounds: Each round has series of operations.
• There are multiplication , addition, XOR operations but
these are not simple , but are modulo of these.
• Suppose addition of two 16 bit no. gives a 17 bit no. then
it is reduce tom 16 bit no. by taking modulo 65536 of
this.
• For example addition of 1111111100000000 &
1111111111000001 gives 11111111011000001 which is a
17 bit no. & we have only 16 bit positions available. Thus
we have to reduce this no. which is 130753 in decimal to
16 bit no. by taking 130753 modulo 65536 which is
1111111011000001.



(IDEA)
• Sub-key generation for a round : There are total 48 sub
keys plus 4 sub keys for final transformation.
Original Key (128 bits)
K2 (Bits 17-32)
K1 (Bits 1-16) K6 (Bits 81-96) Unused (Bits 97-128)



• Out put Transformation :


• Sub key generation for the output transformation : After
8th round key is exhausted.
• There must be circular shift of 25 bits on the key, thus
starting bit of the key is 23 and ending bit will be 22.
• Since there are just four keys each of 16 bits , a total of
64 bits are required.
• Thus bit positions 23-86 will be used and 87-128 , 1-22
remain unused.
• IDEA decryption : In decryption inverses of sub keys will
be used.
• Strength : Strength is 128 bit key . It requires
540000000000000000000000000 years to break it.

RC5
• It is block encryption developed by Ron Rivest.
• The main features ae that it is fast, have variable no. of
rounds, bit size key add to its flexibility.
• It can be set according to different security needs.
• It requires less memory allocation thus sutaible for
desktop computers, smart cards etc…….
• Basic Principles : Input text block, no. of rounds & key
size is variable. These values should be decided before
starting the algorithm.
• The plain text block size can be of 32, 64 or 128 bits ( 2-
word blocks are used)
• Key length can be from 0 to 2040 bits.
• For minimum safety 32 bits plain text block, 12 rounds,
16 bytes i.e 128 bit of key is used.
RC5

RC5
• Mathematical representation of RC5 encryption

A = A + S[0]
B = B + S[1]
For I = 1 to r
A = ((A XOR B) <<< B) + S[2i]
B = ((B XOR A) <<< A) + S[2i = 1]

RC5
• In first two steps input plain text blocks is divided into two
32-bit blocks A & B.
• The first two sub keys S0 & S1 added to A & B. This
produces C & D.
• Sub Key generation :

RC5

RC5

RC5

Blowfish
• This algorithm has following objectives : Fast, Compact, Simple,
Secure.
• Operations : Key expansion, Data encryption
• There are 16 rounds.
• The encryption of 64-bit block input X is as follows.
1. Divide X into two blocks : XL & XR of equal sizes.
2. For i=1 to16
XL = XL XOR P (i)
XR = F (XL) XOR XR
Swap XL, XR
Next i
3. Swap XL, XR (i.e. undo last swap)
4. XL = XL XOR P18
5. Combine XL & XR back into X.

Blowfish

Advance Encryption Standard (AES)
• It was developed by Rinjdael.
• AES is based on 128bit key.
• Main features are symmetric & paralel structure, adapted
to modern processors,suited for smart cards.
• Operation: Plain text can be of 16, 24, 32 bytes. It
consists of 16,12 or 14 rounds.
• Step 1: Byte Substitution- S-Box technique is used to
produce corresponding text.
• Step 2 : Shift Rows : Here 1st row is untouched & other
three rows are shifted by variable amount.
• Step 3 : Mix Columns : Four bytes of every column are
mixed in a linear fashion.
• Step 4 : Key Addition : Each byte is XORed with
corresponding input byte and the result becomes the
cipher text of this round.
Chapter 3
Computer-based Asymmetric Key

Cryptographic Algorithms

Asymmetric Key Cryptography
• Brief History : Diffie & Hellman first gave the concept of
Public key cryptography in 1970.
• James Ellis of Britain also purposed the idea of
asymmetric key cryptography.
• In 1977 Ron Rivest, Adi Shamir, Len Adleman developed
first major asymmetric key algorithm. It was called RSA
algorithm.
• Here there are two keys ,one for encryption & other for
decryption.



RSA Algorithm
• Prime numbers are the basis of RSA algorithm.

• It is based on the fact that it is easy to find & multiply
prime no.s together but extremely difficult to factor their
product.
• Public & private keys in RSA are based on very large
no.s made up of 100 or more digits.

RSA Algorithm

RSA Algorithm

RSA Algorithm

RSA Algorithm

RSA Algorithm
• Suppose B wants to receive a confidential message from

A, B must generate a private key (d), a public key (e) by
using earlier mechanism.
• B must give public key (e) & no. n to A. Using e & n, A
encrypts the message & then sends the encrypted
message to B.
• B uses his private key (d) to decrypt the message.
• The question is if B can calculate & generate d, anyone
else can also, but it is not simple.

RSA Algorithm
• An attacker knows public key e i.e 5 & number n i.e 119

could find private key d i.e 77 by trial & error.
• The attacker first find the value of p & q by trial & erro.
• The factoring of n into p & q is not easy. It is time
consuming & complex.
• Since it cannot find p & q, he cannot proceed further to
find out d, because d depends on p, q & e.
• Mathe matical research suggest that it would take more
than 70 years to find p & q if n is a 100-digit number.
• It was fond that RSA is 1000 times slower than DES.

RSA Algorithm

RSA Algorithm

• Here two keys are used.

• Its is slower than symmetric key cryptography.
• Size of encrypted text is moe than orignal size.
• Number of keys required is same as the no. of
participants.
• Can be used for encryption & decryption & digital
signatures.

The best of both worlds
• The solution must be completely secure.

• The encryption & decryption process must not take long
time.
• The generated cipher text should be of compact size.
• The key distribution problem must be solved by the
solution.
• It can be done by combining both symmetric &
asymmetric key cryptography.

Digital envolope
• A’s computer encrypts orignal plain text message PT

with the help of symmetric key cryptography & key K1 &
gets cipher text CT.
Symmetric Key
K1
Plain text PT Cipher text CT
ENCRYPTION

Digital envolope
• A now takes one time symmetric key K1 & encrypts it

with B’s public key K2. This process is called key
wrapping.
B’s public key K2
Symmetric key Encrypted

K1 symmetric key K1

Digital envolope
• Now A puts both cipher text CT & encrypted symmetric

key together inside a digital envolope.
Encrypted
Cipher text CT + symmetric key K1
Digital envolope
Digital envolope
• A now sends the digital envolope to B using network.

• B recives the envolope & get two things cipher text CT &
one time encrypted symmetric key K2.
• B now uses his private key K3 to decrypt symmetric key
K1 which was encrypted using B’s public key K2.
B’s private key K3
Encrypted
symmetric key K1 Symmetric key K1

Digital envolope
• Finally B apply same symmetric key K1 to cipher text CT

to get plain text.
Symmetric Key K1
Cipher text CT Plain text PT

Digital envolope
• Here fast encryption is achieved, since plain text PT is

encrypted using symmetric key algorithm key K1.
• Encryption of symmetric key algorithm key K1 by B’s
public key is also fast, since key size is generally small
(56 or 64 bits).
• Problem of key exchange is solved.

Digital Signatures

Digital Signatures

Digital Signatures

Digital Signatures

Digital Signatures

Digital Signatures

Digital Signatures

Digital Signatures

Digital Signatures

Digital Signatures

Digital Signatures

Digital Signatures
• Most countries have already made provisions for

recognizing a digital signature as a valid document.just
as paper based signatures.
• It has legal status now.

Message Digests
• In case of digital signatures it does not solve our problem

of slow encryption, since whole plain text is is encrypted
with senders private key.
• In real case more efficient scheme is used i.e message
digest.
• A message digest is a finger print or summary of
message.
• It is similar to the concept of Longitudinal Redundancy
Check (LRC) or Cyclic Rdundancy Check (CRC).
• It is used to verify integrity of data i.e massage has not
been tampered with after it leaves the sender.
Message Digests

Information Security Lectures

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Information Security Lectures

Uploaded by

Copyright:

Available Formats

Chapter 1

2/2/2023 Vivek Kapoor 1

2/2/2023 Vivek Kapoor 2

• Provide user id and password.

2/2/2023 Vivek Kapoor 3

2/2/2023 Vivek Kapoor 4

2/2/2023 Vivek Kapoor 5

2/2/2023 Vivek Kapoor 6

2/2/2023 Vivek Kapoor 7

• Passive (Release of message contents).

Replay Attacks Alterations

2/2/2023 Vivek Kapoor 8

• Application level attacks.

2/2/2023 Vivek Kapoor 9

2/2/2023 Vivek Kapoor 10

2/2/2023 Vivek Kapoor 11

2/2/2023 Vivek Kapoor 12

2/2/2023 Vivek Kapoor 13

2/2/2023 Vivek Kapoor 15

2/2/2023 Vivek Kapoor 16

2/2/2023 Vivek Kapoor 17

• Substitution Techniques. (Characters of

2/2/2023 Vivek Kapoor 19

2/2/2023 Vivek Kapoor 20

• As English language has 26 alphabets hence

2/2/2023 Vivek Kapoor 24

• It would take trillions of years to blindly

2/2/2023 Vivek Kapoor 25

2/2/2023 Vivek Kapoor 26

• Plaintext letters map to more than one

2/2/2023 Vivek Kapoor 27

• Here blocks of plain text alphabets are

2/2/2023 Vivek Kapoor 28

• Multiple one character keys.

• Rail Fence Technique.

2/2/2023 Vivek Kapoor 30

2/2/2023 Vivek Kapoor 33

2/2/2023 Vivek Kapoor 34

• It is implemented using a random set of

2/2/2023 Vivek Kapoor 35

2/2/2023 Vivek Kapoor 36

2/2/2023 Vivek Kapoor 38

2/2/2023 Vivek Kapoor 39

• Hill cipher is a polygraphic substitution cipher based on

2/2/2023 Vivek Kapoor 41

C1 = 9*p1 + 18*p2 + 10*p3 (mod 26)

2/2/2023 Vivek Kapoor 42

2/2/2023 Vivek Kapoor 43

Generalize to any size, larger blocks

Matrix must be invertible

2/2/2023 Vivek Kapoor 44

2/2/2023 Vivek Kapoor 45

2/2/2023 Vivek Kapoor 46

2/2/2023 Vivek Kapoor 47

2/2/2023 Vivek Kapoor 48

• Problem of key distribution/agreement/exchange.

2/2/2023 Vivek Kapoor 49

• It is a cryptographic protocol that allows two parties that

2/2/2023 Vivek Kapoor 50

2/2/2023 Vivek Kapoor 51

2/2/2023 Vivek Kapoor 52

• Alice computes (gb mod p)a mod p

2/2/2023 Vivek Kapoor 53

2/2/2023 Vivek Kapoor 54

C1 = 9p1 + 18p2 + 10*p3 (mod 26)